[FPU-WiFi] | [FPU-IoT] | [FPU-Guest] | [Dorms] | [Policies]
Users who connect to any FPU wireless network (SSIDs) agree to and are subject to these policies. SSIDs include: FPU-WiFi, FPU-IoT, FPU-Guest, FPU-Visitor, FPU-Onsite, WEC-AIMS
Updates
October 14, 2020 - ITS has added the grayware category to our URL filter blocklist. Our firewall vendor describes grayware as "Websites and services that do not meet the definition of a virus but are malicious or questionable and may degrade device performance and cause security risks."
September 30, 2020 - ITS has added the folowing categories to our URL filter blocklist for security reasons. If you are attempting to visit a site that is falls into one of these categories, contact the ITS Helpdesk with the URL and we'll review and, if possible, add it to an exceptions list. Explanations for these new categories are from our firewall vendor's website.
- cryptocurrency (Not malicious in itself, but commonly used to redirect victims after device exploitation. Feel free to email the FPU helpdesk if you need a crypto exchange allowed for personal use.)
- dynamic-dns (Hosts and domain names for systems with dynamically assigned IP addresses and which are oftentimes used to deliver malware payloads or C2 traffic. Also, dynamic DNS domains do not go through the same vetting process as domains that are registered by a reputable domain registration company, and are therefore less trustworthy.)
- extremism (Websites promoting terrorism, racism, fascism or other extremist views discriminating people or groups of different ethnic backgrounds, religions or other beliefs. This category was introduced to enable adherence to child protection laws required in the education industry.)
- parked (Domains registered by individuals, oftentimes later found to be used for credential phishing. These domains may be similar to legitimate domains, for example, pal0alto0netw0rks.com, with the intent of phishing for credentials or personal identify information. Or, they may be domains that an individual purchases rights to in hopes that it may be valuable someday, such as panw.net.)
Network Connection Policy
Approved by President’s Cabinet 2018-04-10
1. Policy
Fresno Pacific University requires devices connecting to the network to authenticate, meet security baselines, and be configured not to conflict with centrally provided services.
2. Reason
This policy exists to safeguard and ensure the availability of the Fresno Pacific University network by defining the requirements for connectivity of devices. Network availability, integrity, and security are at risk when non-compliant devices connect to the network. Compliant devices are less likely to cause network disruption.
3. Scope
All staff, faculty, students, guests, auxiliary organizations, third parties (such as vendors), and any other entities connecting any device to the Fresno Pacific University network are subject to this policy.
4. Authentication and Authorization
Devices connecting to the network require authentication. Authentication identifies the user of a device and limits unauthorized access to network resources. Authentication is achieved usually through the use of credentials to access University computers and network resources, such as servers or wireless access. Authorization involves the granting of privileges and permissions to access data. ITS applies privileges and permissions in accordance with the University Information Security Policy and the direction of the owner or manager of specific data.
5. Security
Devices connected to the network must meet the following minimum baseline security requirements. The minimum baseline security for computers requires the use of antivirus software and a supported, up-to-date modern operating system that is free of malicious software. Implementation of these security requirements for devices protects the device, reduces the security risks to other devices on the network, and safeguards critical data systems.
6. Services
Devices connected to the network must not run services that disrupt or interfere with network enabling services provided centrally. Network enabling services are layered services supporting the connecting of a device to the network.
Specific Service Policies
Web Filtering: The internet filtering mechanism uses several categorization technologies to group URLs. These include human review and a licensed contextual URL filtering engine.
Fresno Pacific University will use software filters and other techniques whenever possible to restrict access to inappropriate information on the Internet by students, faculty and staff at all areas on campus including labs, classrooms, libraries and offices. Reports of attempted access will be logged and available for review by management. Specific sites may be whitelisted (allowed) by contacting the ITS Helpdesk. Any whitelisting requests will be reviewed by Network Services and, if needed, the Executive Director of IT Services. Currently the following categories are being blocked or logged:
- Abused drugs (Sites that promote the abuse of both legal and illegal drugs, use and sale of drug related paraphernalia, manufacturing and/or selling of drugs.)
- Adult (Sexually explicit material, media (including language), art, and/or products, online groups or forums that are sexually explicit in nature. Sites that promote adult services such as video/telephone conferencing, escort services, strip clubs, etc. )
- Copyright-Infringement (Web pages and services that are dedicated to illegally offer videos, movies or other media for download infringing copyrights of others.)
- Gambling
- Hacking
- Malware (Sites containing malicious content, executables, scripts, viruses, trojans, and code.)
- Peer-to-Peer (Sites that provide access to or clients for peer-to-peer sharing of torrents, download programs, media files, or other software applications. Does not include shareware or freeware sites. This is primarily for those sites that provide bittorrent download capabilities.)
- Plagiarism (manually maintained)
- Proxy-avoidance-and-anonymizers (Proxy servers and other methods that bypass URL filtering or monitoring.)
- Questionable (Sites containing tasteless humor, offensive content targeting specific demographics of individuals or groups of people, criminal activity, illegal activity, and get rich quick sites.)
- Weapons (not blocked, but logged)
ITS does not maintain these categories, they are updated dynamically by security equipment definitions, except in the case of plagiarism websites these are maintained manually. Internet web site categories or individual web sites that consume excessive amounts of network resources, or pose a security risk to Fresno Pacific University, will be subject to review and possible blocking.
Wireless: Wireless network access (WiFi) is provided to staff, faculty, and students for the sake of convenience. Wired connections will be used for University owned equipment whenever possible to ensure connectivity. Non-University owned equipment is provided best-effort service. BYOD (Bring-Your-Own-Device) access is provided for use outside of job demands. ITS encourages users to login using their University credentials so that wireless data remain encrypted. For FPU business, an encrypted connection is required to comply with federal and industry regulations (e.g. FERPA, HIPAA, PCI). A guest WiFi network is provided for the sake of visitors or guests and is not encrypted. Data traversing the guest WiFi network are not to be considered safeguarded. Therefore, University owned equipment must not operate over unencrypted guest networks.
Wireless Airspace: Devices that impede wireless (IEEE 802.11) communication are subject to removal from Fresno Pacific University property. Devices that may interfere with wireless radio frequencies include, but are not limited to, printers, handheld consoles, Chromecasts, wireless keyboards, and CCTV cameras. Printers that have the ability to operate over WiFi should have the WiFi function disabled since this will impede wireless communication. Employees, students, and third parties operating on FPU property are required to disable the wireless functionality of any interfering devices discovered by ITS. Non-WiFi devices (microwaves, Bluetooth devices, walkie talkies, etc.) can also cause interference and are also subject to removal or relocation.
Peer to Peer (P2P): University network connections may not be used to violate copyright laws. In order to ensure compliance with the Recording Industry Association of America (RIAA), the Motion Picture Association of America (MPAA), and law enforcement, peer-to-peer file sharing has been restricted by the University. All peer-to-peer file sharing network activity will be monitored and usage tracked. Network activity that utilizes peer-to-peer applications will be blocked.
Student Residences: Fresno Pacific University provides Internet connectivity to students in their living spaces on a best-effort service. ITS will attempt to keep uptimes reasonable but is not beholden to immediately fix service disruptions. Each network wall jack is only allowed to have one device attached. The University does not permit the use and installation of personally owned networking equipment in dormitories. Additionally, ITS does not guarantee any particular metric of speed, however, we continually strive to provide acceptable speeds due to the increased demand of networked applications.
Remote Access (VPN): Remote access to the University network is limited to staff, faculty, and approved University-contracted vendors. In order to use the VPN, you need a connection to the Internet from an off-campus location. The University does not provide you with an Internet connection, your Internet Service Provider does. Therefore, it is not the responsibility of ITS staff to troubleshoot ISP or home network issues. VPN connected users must adhere to the same network policy guidelines outlined in this document. ITS reserves the right to limit global network access over VPN. Access to network resources (files, databases, portals) are contingent on the user's level of authorization. VPN users must also disconnect once they are finished with relevant University related work.
Anonymizers and Tunneling: Use of anonymizing or tunneling software that bypasses the University firewall is not allowed on the network. This includes VPN , TOR, and proxy connections that tunnel traffic through an external provider. Especially on employee networks these services cannot be implemented. This does not include connects from the outside to the FPU network using University approved VPN software. The Executive Director of Information Technology Services may grant exceptions on a case by case basis. Exceptions are to be based on IT industry security standards and whether the exception constitutes acceptable risk.
7. Network Devices
Any device that provides network connectivity to other devices must be owned and installed by authorized ITS Network Services personnel and requires approval from Network Services under the oversight of the Executive Director of IT Services. This includes: routers, firewalls, switches, hubs, bridges, access points, wireless bridges, repeaters, powerline, PBXs, etc. Devices that cause wireless interference or disrupt network functions in any way are subject to disconnection.
8. Monitoring of devices
The University, and as a result ITS, reserves the right to monitor all network traffic. It is not University policy to actively monitor user activity or undermine encryption of transported data. However, source and destination IP addresses, application and port, Web URLs, data rates, and bandwidth consumption of user traffic is logged to uphold confidentiality, integrity, and accessibility of University data and services.
9. Compliance
Users connecting devices to the network consent to compliance with this policy. Compliance verification for devices is limited to configuration and security inspection and follows University policies protecting privacy.
10. Communication with user
Attempts will be made to communicate with offending users if the user's account is logged. However, due to the nature of network attacks and the need for security, access can and will be terminated for the safety of University resources.
11. Disconnection
Devices are subject to disconnection from the network for infractions of this policy.
Attacks on University electronic resources are continual, serious, and threatening. To prevent catastrophic damage to these resources, the University must have the capability to immediately address and respond to attacks and intrusions.
The Executive Director of IT Services and Network Services, having the responsibility to maintain and operate University network infrastructure, have the authority to implement emergency security measures to protect campus electronic resources. These measures may involve shutting off or disconnecting portions of the campus network, blocking certain communication ports, implementing software and/or anti-virus updates, and shutting down servers or workstations as a response to immediate threats or attacks to University resources.
The Executive Director of IT Services shall notify senior administration of actions taken in emergency situations, as noted above, as soon as practical. Those units affected by such emergency actions shall be notified and consulted in a timely manner.
Acceptable Use Policy
Approved by President’s Cabinet 2018-03-13
1. Policy
Fresno Pacific University is responsible for overseeing the appropriate use of its information technology resources and requires individuals accessing and using university resources to adhere to the rules contained within this policy.
2. Reason
The University encourages the use of information technology resources to share information and knowledge in support of its mission of developing students for leadership, and serving the church and society as outlined in the FPU Idea. This policy provides a framework to promote and encourage responsible use of information technology resources in the educational setting as well as while conducting university business.
3. Scope
All staff, faculty, students, guests, auxiliary organizations, third parties (such as vendors), and any other entities granted access or using any university information technology resource must adhere to this policy.
Information technology resources include, but are not limited to, data, voice, video, computer accounts, electronic communications, files, computers, laboratories, and software stored on or traverse university systems.
4. Guiding Principles
The university recognizes the principles of academic freedom, shared governance, freedom of speech, and privacy rights that hold important implications for the use of information resources. This policy reflects these principles within the context of the university's legal and other compliance obligations.
The university’s information resources are provided for the use of students, faculty, and staff, and in support of the programs of the University. All students, faculty, and staff accessing resources are responsible for seeing these information resources are used in an effective, efficient, ethical, and lawful manner.
5. Rights and Responsibilities
University information systems provide access to resources on and off campus and facilitate worldwide communication. Such access is a privilege requiring individuals to use information resources responsibly. Access and use of information resources carries with it certain conditions and responsibilities.
Individuals shall respect the rights of other users, respect the integrity of the information resources and observe all applicable laws, policies, and contractual obligations. Individuals must adhere to software licensing agreements and copyright laws. When accessing external resources, individuals are responsible for abiding by any policies, rules, and codes of conduct applying to such resources.
Individuals are responsible for the proper use of information resources assigned to them, including accounts, passwords, computers, and data. Individuals shall not knowingly falsely identify themselves and will take steps to correct misrepresentations if they have falsely or mistakenly identified themselves.
Misuse of these resources or violation of the conditions in this policy may result in the termination of the accounts and access, or in cases of more serious infractions, the submission of the case to an appropriate disciplinary authority for further investigation.
Individuals should report any violations (apparent or suspected) of law or University policy to their appropriate manager and/or the Executive Director of IT Services (see section 11).
6. Privacy
The university’s intent is to consider information and content as private and confidential unless they have explicitly been made available to other authorized individuals. It is not the university’s practice to inspect, monitor or disclose the content of information stored on or transmitted through the university’s information technology resources.
However, individuals should not expect privacy in their access and use of University information resources. As a practical matter, authorized individuals may access personal identifiable information and/or electronic communication when necessary for the maintenance and security of University information resources and services. When performing these functions, every effort is made to ensure the privacy of an individual’s information. However, if violations are discovered, they will be handled through normal University procedures.
In addition, electronic communication is neither private nor secure. In communicating via e-mail, instant messaging, or other forms, it is the individual and not the university, who assumes responsibility for its contents. All electronic messages may be subject to discovery in civil litigation or in criminal investigations. In most instances, there is no reason for electronic messages to be retrieved by anyone other than the intended addressee. In limited and appropriate circumstances (e.g., investigation of wrongdoing) electronic communication may become subject to internal monitoring by an authorized individual.
7. Copyright, Licensing, and Related Concepts
Among other rights, copyright law, in general, gives the owner of a piece of literary or associated work (including, amongst other types of work, software, music, videos, games, artistic works, and photographs) the right to prevent that work from unauthorized copying and distribution via any form. As the University is subject to federal law, students, staff, faculty, and administrators must comply and abide with copyright law and University copyright policy.
The concept of ‘fair use’ allows limited use of copyright works for the purposes of research, private study, criticism and review; since the ‘fair use’ test is qualitative rather than quantitative, the prospective individual may need to check with the copyright owner before use.
This means that most information and software is subject to copyright and/or restrictions on its use. Each individual must respect this copyright and must comply with published usage restrictions relating to any program, information, image, web page, or other material. Any individual who installs software and/or information on University resources must ensure full compliance with any relevant copyright requirements and licensing agreements.
8. Legal Requirements
Violations of law may be subject to penalties under civil or criminal code. University policies on sexual or other forms of harassment apply fully to all information resources, including electronic communication and the Internet.
University information resources such as electronic communication (e.g. e-mail, voice mail, instant messaging) are provided for University-related activities. Fraudulent, harassing, or obscene messages and/or materials are not to be printed, sent, or stored. No e-mail or message shall be created or sent, nor Web pages created, that may constitute intimidating, hostile, or offensive material based on gender, race, color, religion, national origin, sexual orientation, or disability.
The following acts are relevant to use of information resources in a university setting. Violations may incur sanctions by the University and/or legal proceedings. Examples of violations are not intended to cover all eventualities:
a. Knowingly gaining or attempting to gain unauthorized access to any information resource, program, or information that the individual has no authorization to access or use.
b. Unauthorized modification or access to any program, file, data, electronic communication, or other computer material belonging to another individual or organization.
c. Using information resources to impersonate, harass, threaten, or otherwise cause harm to other individuals or organizations.
d. Intentionally transmitting any computer virus, worm, or other malicious software.
e. Taking actions threatening the security of information resources or actions which modify, damage, or overload these resources.
f. Violating any applicable law, University policy, or contractual obligation.
9. Prohibited Use
Fresno Pacific University is a private not-for-profit, tax-exempt organization and is subject to applicable federal and state laws. Any use of information resources in a manner placing the University in jeopardy of such status is prohibited. University information resources shall not be used for non-University commercial purposes.
Individuals are advised to be aware of their responsibilities for appropriate behavior in public places. Some materials, which may be appropriate for scholarly inquiry in various disciplines, may be seen to have a strong possibility of creating a hostile environment for other students, faculty, staff, and visitors.
University information resources shall not be used to imply University endorsement, including the support or opposition of the University with regard to any religious or political activity or issue. University resources shall not be used for unauthorized mass messaging to newsgroups, bulletin boards, mailing lists, or other individuals. Individuals shall not imply University endorsement of products or services of a non-University entity from a University information resource, without approval. Individuals shall not give the impression that they are representing, giving opinions or otherwise making statements on behalf of the University unless authorized to do so. To avoid this, individuals may use a disclaimer such as "The opinions or statements expressed herein should not be taken as a position of or endorsement by Fresno Pacific University."
University resources shall not be used to store, distribute, or transmit obscene or offensive material. No individual may hold in files (or Web pages), or transmit electronically, information, which constitutes obscene or offensive material. In this context, the individual is responsible for the content of his/her files, Web pages and messages. Any such data received involuntarily, e.g., through electronic mail, should be deleted. These aforementioned restrictions might not prohibit such access or retention of such materials if they are being used for a specific academic purpose or in the case of investigations.
Staff and faculty may not install or uninstall hardware or an operating system on University owned equipment. IT resource provisioning, maintenance, installation, and troubleshooting are the sole responsibility of Information Technology Services. See the Computing Support Policy for more details.
10. Incidental Use
Information resources are owned and operated by the University, auxiliary organizations, programs, and recognized student and campus organizations. These resources are to be used for University-related activities and occasional incidental use. Such resources are provided to facilitate a person's essential work as an employee or student. Individuals may use University information resources for occasional incidental personal purposes of a private nature if such use does not:
a. Interfere with the University's operation of its information resources.
b. Burden the University with noticeable incremental costs.
c. Interfere with a person's employment or other obligations to the University.
d. Constitute or result in financial gain.
e. Involve installing potentially malicious software, games, and other software deemed unsuitable for work on University equipment.
f. Involve accessing, creating, downloading, or disseminating any information that a reasonable person would deem inappropriate, such as pornography or racist materials.
g. Violate any applicable law, University policy, executive order, or contractual obligation.
Entertainment or consumer devices, such as Xbox, Apple TV, Roku, etc., are given a best effort connection. Communication between personal devices is not guaranteed and only basic connectivity to the Internet is attempted.
11. Reporting
Violations, or suspected violations, of this policy should be reported electronically to itsreports@fresno.edu.
Incidents must remain confidential and only discussed among parties involved and appropriate ITS personnel.
12. Enforcement
Federal and state laws and University policies in some cases apply specifically to the use of information resources. In other cases, they may apply generally to personal conduct in which the use of information resources is incidental. Violations of law may be referred for legal action.
Violations of provisions in this policy will be handled through normal University procedures. Violators may be subject to disciplinary action up to and including dismissal or expulsion under applicable University policies.
Cases of more serious infractions will be submitted to an appropriate disciplinary authority for further investigation. In such cases, because different laws, policies, and procedures govern appropriate actions involving students, faculty, administrators, or staff, any appropriate actions must follow the appropriate procedures.
The University reserves the right to terminate, suspend, and/or limit access to its information resources when policies or laws are violated and to use appropriate means to ensure continued service delivery at all times, preserve network/system integrity, and safeguard its information resources.